问题
I'm having an issue with the SDK. I followed this guide to get SSO with AWS. I'm able to add 4 roles using my code, but after that I get a 413.
My schema contains all of the roles under the SSO role array. So, each patch I make requires me to resubmit the entire role array according to the docs:
Note about arrays: Patch requests that contain arrays replace the existing array with the one you provide. You cannot modify, add, or delete items in an array in a piecemeal fashion.
Python Snippet:
service.users().patch(userKey=email, body=new_custom_schema).execute()
new_custom_schema is a dictionary containing all nodes including and below customSchema.
Error
googleapiclient.errors.HttpError: <HttpError 413 when requesting https://www.googleapis.com/admin/directory/v1/users/user@domain.com?alt=json returned "Profile quota is exceeded.: Data is too large for">
Sample Schema Insert:
{
"fields":
[
{
"fieldName": "role",
"fieldType": "STRING",
"readAccessType": "ADMINS_AND_SELF",
"multiValued": true
}
],
"schemaName": "SSO"
}
Sample User Patch:
{
"customSchemas": {
"SSO": {
"role": [
{
"customType": "AWSaccount1ReadOnly",
"type": "work",
"value": "arn:aws:iam::12345678910:role/gapps_readonly,arn:aws:iam::12345678910:saml-provider/GoogleApps"
},
{
"customType": "AWSaccount1Admin",
"type": "work",
"value": "arn:aws:iam::12345678910:role/gapps_admin,arn:aws:iam::12345678910:saml-provider/GoogleApps"
},
{
"customType": "AWSaccount2ReadOnly",
"type": "work",
"value": "arn:aws:iam::5101520253035:role/gapps_readonly,arn:aws:iam::5101520253035:saml-provider/GoogleApps"
},
{
"customType": "AWSaccount2Admin",
"type": "work",
"value": "arn:aws:iam::5101520253035:role/gapps_admin,arn:aws:iam::5101520253035:saml-provider/GoogleApps"
},
{
"customType": "AWSaccount3ReadOnly",
"type": "work",
"value": "arn:aws:iam::3691215182124:role/gapps_readonly,arn:aws:iam::3691215182124:saml-provider/GoogleApps"
},
{
"customType": "AWSaccount3Admin",
"type": "work",
"value": "arn:aws:iam::3691215182124:role/gapps_admin,arn:aws:iam::3691215182124:saml-provider/GoogleApps"
}
]
}
}
}
In this example, I'm able to submit the first 5 without issue
Any ideas would be greatly appreciated.
回答1:
I was able to get an answer on the size of the request:
array_length * 100 + SUM(value_lengths) <= ~32000
Example:
[ "{500 bytes}", "{500 bytes}", "{500 bytes}" ]
array_length is 3
SUM(value_lengths) is 1500
3 * 100 + 1500 + 4 = 1804
回答2:
I submitted a support ticket to Google and found out that there is a 4KB (~1000 characters) limit on the multivalued field in a custom schema.
So, there are a couple options:
- Choose a different SAML IdP
Create multiple SAML Apps as needed to work around the limit.
[Update]
You can't have multiple SAML apps with the same entity ID.
[Update 2]
The new limit seems to be roughly double the old limit. Somewhere between 2087 - 2315 characters
[Update 3]
It looks like this limit has been significantly increased. I have not run out of space yet.
来源:https://stackoverflow.com/questions/38024817/maximum-size-of-patch-to-customschemas